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KEY EXCHANGE FOR NETWORK ARCHITECTURE 
Technical Field 

This invention relates generally to management techniques for a 
communications network and, more particularly, to a system and method for 
providing secure communications in a communications network. 

Background of the Invention 

As deployment of global IP networks becomes more widespread, there are 
several challenges faced by users of such networks, such as providing secure 
access for users. Conventional protocols for providing user security are 
inadequate. 

For example, as illustrated in Fig. 1. atypical communication system 10 
may include a mobile node 12 positioned within a foreign domain 14 that is 
serviced by a foreign agent 16. The foreign agent 16 may be operably coupled to 
the mobile node 12 and a home agent 18 that services a home domain 20 by 
communication pathways, 22 and 24, respectively. Communication between the 
mobile node 12, foreign agent 16, and home agent 18 may be provided by a 
conventional IP communications protocol such as, for example, TCP/IP. 

During operation, the mobile node 12 may roam over the foreign domain 
14. In order to securely communicate messages between the mobile node 12 
and the home agent 18, a secure communication pathway should be provided 
between the mobile node and the foreign agent and between the foreign agent 
and the home agent. One method of providing a secure communication pathway 
between the mobile node 12 and the home agent 18 is to encrypt 
communications between the mobile node and home agent using one or more 
shared secrets, or encryptions keys. However, conventional methods of 
providing such encryption keys suffer from a number of serious drawbacks. 

For example, in order to provide a secure communication pathway 
between the mobile node 12 and the foreign agent 16, a predefined shared 
secret, or encryption key, could be used to provide secure communications over 
the communications pathway 24, However, in order to permit secure 
communications between the mobile node 12 and all possible foreign agents, a 
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virtually infinite number of predefined shared secrets, or encryption keys, would 
be required for every potential mobile node/foreign agent relationship. Such a 
static method of providing encryption keys is highly impractical. Alternatively, an 
encryption key for communications between the mobile node 12 and the foreign 
5 agent 16 could be provided by using a public key authentication or a digital 
signature. However, both of these methods rely upon a preexisting secure 
communication pathway between the mobile node 12 and an IKE or PKI provider 
and therefore are inefficient from the standpoint of time and cost. 

Thus, existing methods for providing secure. communications in a 
0 communication network do not permit the security associations between the 
entities in the network to be dynamically configured, renewed, or reset. 
Furthermore, the existing methods for providing secure communications in a 
communication network are slow and inefficient. 

The present invention is directed to improving user security in 
5 communication networks. 
Summary of the Invention 

According to one aspect of the present invention, a system for providing 
secure communication of messages between a mobile node and a home domain 
using a foreign domain is provided that includes means for transmitting a 
registration request from the mobile node to the home domain, the request 
comprising an identity of the mobile node in encrypted form and network routing 
information in non-encrypted form, means for processing the registration request 
from the mobile node within the home domain and generating a registration reply 
comprising one or more encryption keys for encrypting messages to be 
communicated between and among the mobile node, home domain, and the 
foreign domain, and means for transmitting the registration reply from the home 
domain to the foreign domain and the mobile node. 

According to another aspect of the present invention, a method of 
providing secure communication between a mobile node and a home domain 
using a foreign domain is provided that includes transmitting a registration 
message from the mobile node to the home domain, the message comprising an 
identity of a user of the mobile node in encrypted form and network routing 

-2- 

3/9/05, EAST Version: 2.0.1.4 



wo 01/26322 



PCT/USOO/27352 



information in non-encrypted form, the home domain receiving and processing 
the registration message to generate a registration reply comprising one or more 
encryption keys for encrypting data to be communicated between and among the 
mobile node, home domain, and the foreign domain, and transmitting the 
5 registration reply from the home domain to the foreign domain and the mobile 
node. 

According to another aspect of the present invention, a communications 
network is provided that includes a home domain, a foreign domain operably 
coupled to the home domain, and a mobile node operably coupled to the foreign 

10 domain. The mobile node is adapted to generate and transmit a registration 
request to the foreign domain, the registration request including an identity of the 
mobile node in encrypted form and network routing information in non-encrypted 
form. The foreign domain is adapted to relay the registration request to the home 
domain. The home domain is adapted to receive the registration request and 

15 generate encryption keys for encrypting data to be communicated between and 
among the home domain, the foreign domain, and the mobile node. 

According to another aspect of the present invention, a method of 
providing secure communications between a mobile node and a home domain 
using a foreign domain in a communications network is provided that includes the 

20 home domain authenticating the mobile node and the foreign domain, and 
transmitting data between the mobile node and the home domain through the 
foreign domain. 

According to another aspect of the present invention, a registration request 
message for use in registering a mobile node and a foreign domain with a home 
25 domain in a communications network is provided that includes a network address 
for the home domain and a network address for the mobile node. The home 
domain and the mobile node share an encryption key for encrypting messages, 
and the network address for the mobile node is encrypted using the shared 
encryption key. 

30 According to another aspect of the present invention, a registration reply 

message for use in registering a mobile node and a foreign domain with a home 
domain in a communications network is provided that includes encryption keys for 
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encrypting data to be communicated between and among the mobile node, the 
home domain, and the foreign domain. The mobile node and the home domain 
share an encryption key for encrypting messages, and the encryption keys for 
encrypting data to be communicated between the mobile node and one or more 
5 of the home domain and the foreign domain are encrypted using the shared 
encryption key 

According to another aspect of the present invention, a computer program 
for implementing a method of providing secure communication between a mobile 
node and a home domain using a foreign domain is provided that includes a 

10 storage medium, and instructions stored in the storage medium for: transmitting a 
registration message from the mobile node to the home domain, the message 
comprising an identity of a user of the mobile node in encrypted form and network 
routing information in non-encrypted form, the home domain receiving and 
processing the registration message to generate a registration reply comprising 

15 one or more encryption keys for encrypting messages to be communicated 

between and among the mobile node, home domain, and the foreign domain, and 
transmitting the registration reply from the home domain to the foreign domain 
and the mobile node. 

According to another aspect of the present invention, a communications 

20 network is provided that includes an initiator, a responder, and means for 
establishing a security association between the initiator and the responder. 

According to another aspect of the present invention, a method of 
providing secure communications between an initiator and a responder in a 
communications network is provided that includes establishing a security 

25 association between the initiator and the responder. 

According to another aspect of the present invention, a computer program 
for providing secure communications between an initiator and a responder in a 
communications network is provided that includes a storage, and instructions 
recorded in the storage for establishing a security association between the 

30 initiator and the responder. 

According to another aspect of the present invention, a protocol extension 
message for negotiating a security association between an initiator and a 
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responder in a communications network is provided that includes a security 
association payload for negotiating the security association, one or more 
proposal payloads for defining the security association including one or more 
transforms, one or more transform payloads for defining the transforms, and one 
5 or more key exchange payloads for defining encryption keys used in the 
transforms. 

According to another aspect of the present invention, a method of 
providing an encryption key for securing communications between an initiator and 
a responder in a communications network is provided that includes the initiator 
0 generating an initiator Diffie-Hellman computed value, the initiator transmitting 
the initiator Diffie-Hellman computed value to the responder, the responder 
generating the encryption key and a responder Diffie-Hellman computed value, 
the responder transmitting the responder Diffie-Hellman computed value to the 
initiator, and the initiator generating the encryption key 

According to another aspect of the present invention, a method of 
providing encryption keys for use in securing communications between an 
initiator and a responder in a communications network is provided that includes 
providing a predefined shared secret to the initiator and responder, generating an 
encryption key for securing communications between the initiator and responder, 
encrypting the encryption key for securing communications between the initiator 
and responder using the predefined shared secret, and transmitting the encrypted 
encryption key for securing communications between the initiator and responder 
to the initiator and responder. 

According to another aspect of the present invention, a method of 
generating an encryption key for use in securing communications between an 
initiator and a responder in a communications network is provided that includes 
generating an initial encryption key, and generating an encryption key for 
securing communications between the initiator and the responder as a pseudo 
random function of the initial encryption key. 

According to another aspect of the present invention, a communications 
network is provided that includes an encryption key distribution center for 
generating an initial encryption key, an initiator operably coupled to the 
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encryption key distribution center, and a responder operably coupled to the 
initiator. The encryption key for securing communications between the initiator 
and the responder is generated as a pseudo random function of the initial 
encryption key. 

According to another aspect of the present invention, a communications 
network is provided that includes means for generating an initial encryption key, 
an initiator operably coupled to the means for generating the initial encryption 
key, a responder operably coupled to the initiator, and means for generating an 
encryption key for securing communications between the initiator and the 
responder as a pseudo random function of the initial encryption key. 

According to another aspect of the present invention, a computer program 
for generating an encryption key for use in securing communications between an 
initiator and a responder in a communications network that includes a storage, 
and instructions stored in the storage for: generating an initial encryption key, and 
generating an encryption key for securing corpmunications between the initiator 
and the responder as a pseudo random function of the initial encryption key. 

According to another aspect of the present invention, a method of 
establishing a security association between an initiator and a responder in a 
communication network is provided that includes the initiator proposing a security 
association and the responder responding the proposal. 

According to another aspect of the present invention, a communication 
network is provided that includes an initiator, a responder operably coupled to the 
initiator, means for proposing a security association between the initiator and the 
responder, and means for responding to the proposed security association. 

According to another aspect of the present invention, a communication 
network is provided that includes an initiator, and a responder operably coupled 
to the initiator. The initiator is adapted to propose a security association between 
the initiator and the responder, and the responder is adapted to respond to the 
proposed security association. 

According to another aspect of the present invention, a computer program 
for establishing a security association between an initiator and a responder in a 
communication network is provided that includes a storage medium, and 
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instructions recorded in the storage medium for the initiator proposing a security 
association, and the responder responding the proposal. 

The present embodiments of the invention provide a number of 
advantages. For example, the system and method provide user confidentiality 
5 during the authentication process. In addition, the system and method provide 
centralized encryption key generation and distribution thereby providing easier 
management. Furthermore, the system and method provide centralized key 
generation and distribution on a real-time basis thereby providing proactive key 
distribution. In addition, the system and method is implementable using 

10 extensions to existing IP communications protocols such as, for example, mobile 
IP, Furthermore, the mobile nodes, the foreign agents, and the foreign domains 
are authenticated before the start of message transmissions thereby maintaining 
a high level of security, in addition, the mobile node and the user's personal 
information is protected from detection during the initial registration and 

15 authentication phase. Furthermore, the encryption keys are distributed such that 
secure communication pathways using the keys are established for a particular 
mobile node and are not shared by another mobile node. In addition, the system 
and method permit the security association between entities in the network to be 
dynamically configured thereby providing a rapid and efficient method of 

20 providing secure communications in a network. 
Brief Description of the Drawings 

Fig, 1 is a schematic illustration of an embodiment of a communications 
system. 

Fig. 2 is a schematic illustration of an embodiment of a communications 
25 system for providing secure communications. 

Figs. 3a and 3b are a flow chart illustration of an embodiment of a method 
of providing secure communications in the communications network of Fig. 2. 

Fig, 4a is a schematic illustration of an embodiment of the transmission of 
a registration request by the mobile node to the foreign agent of the 
30 communications network of Fig. 2. 
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Fig. 4b is a schematic illustration of an embodiment of the relay of the 
registration request by the foreign agent to the home agent in the 
communications network of Fig. 2. 

Fig. 4c is a schematic illustration of an embodiment of the transmission of 
5 a registration reply by the home agent to the foreign agent of the communications 
network of Fig. 2. 

Fig. 4d is a schematic illustration of an embodiment of the relay of the 
registration reply by the foreign agent to the mobile node in the communications 
network of Fig. 2. 

1 0 Fig. 5 is a schematic illustration of an embodiment of a registration request 

for use in the communications network of Fig. 2. 

Fig. 6 is a schematic illustration of an embodiment of a registration reply 
for use in the communications network of Fig. 2. 

Fig. 7 is a schematic illustration of an embodiment of a general purpose 
15 communication message for use in the communications network of Fig. 2. 

Fig. 8 is a schematic illustration of an embodiment of a general purpose 
network access identifier extension for use in the general purpose communication 
message of Fig. 7. 

Fig. 9 is a schematic illustration of an embodiment of a general purpose IP 
20 extension for use in the general purpose communication message of Fig. 7. 

Fig. 10 is a schematic illustration of an embodiment of a general purpose 
layer 2 address extension for use in the general purpose communication 
message of Fig. 7. 

Fig. 1 1 is a schematic illustration of an embodiment of a general purpose 
25 security association extension for use in the general purpose communication 
message of Fig. 7. 

Fig. 12 is a schematic illustration of another embodiment of a 
communications system for providing secure communications. 

Figs. 13a-13d are a flow chart illustration of an embodiment of a method of 
30 providing secure communications in the communications network of Fig. 12. 
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Fig. 14a is a schematic illustration of an embodiment of the transmission of 
a registration request by the mobile node to the foreign agent of the 
communications network of Fig. 12. 

Fig. 14b is a schematic illustration of an embodiment of the relay of the 
registration request from the foreign agent to the foreign AAA server in the 
communications network of Fig. 12. 

Fig. 14c is a schematic illustration of an embodiment of the relay of the 
registration request by the foreign AAA server to the home AAA server in the 
communications network of Fig. 12. 

Fig. 14d is a schematic illustration of an embodiment of the relay of the 
registration request by the home AAA server to the home agent in the 
communications network of Fig. 12. 

Fig. 15a is a schematic illustration of an embodiment of the transmission of 
a registration reply by the home agent to the home AAA server in the 
communications network of Fig. 12. 

Fig. 15b is a schematic illustration of an embodiment of the relay of the 
registration reply from the home AAA server to the foreign AAA server in the 
communications network of Fig. 12. 

Fig. 15c is a schematic illustration of an embodiment of the relay of the 
registration reply by the foreign AAA server to the foreign agent in the 
communications network of Fig. 12. 

Fig. 1 5d is a schematic illustration of an embodiment of the relay of the 
registration reply by the foreign agent to the mobile node in the communications 
network of Fig. 11. 

Fig. 16 is a schematic illustration of embodiments of registration requests 
and replies that include protocol extensions for negotiating the security 
associations between entities in a communications network. 

Fig. 17 is a schematic illustration of an embodiment of the protocol 
extensions of Fig. 16. 

Fig. 18 is a schematic illustration of an embodiment of the security 
association payload protocol extension of the protocol extensions of Fig. 17. 
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Fig. 19 is a schematic illustration of an embodiment of the proposal 
payload protocol extension of the protocol extensions of Fig. 17. 

Fig. 20 is a schematic illustration of an embodiment of the transform 
payload protocol extension of the protocol extensions of Fig. 17. 

Fig. 21 is a schematic illustration of an embodiment of the key exchange 
payload protocol extension for a predefined Diffie-Hellman group and secret key 
of the protocol extensions of Fig. 17. 

Fig. 22 is a schematic illustration of an embodiment of the key exchange 
payload protocol extension for a Diffie-Hellman with new define group of the 
protocol extensions of Fig, 17. 

Fig. 23 is a schematic illustration of an embodiment of the key exchange 
payload protocol extension for an encrypted secret key of the protocol extensions 
of Fig. 17. 

Fig. 24 is a schematic illustration of an illustrative embodiment of a 
security association negotiation between an initiator and a responder in a 
communication network. 

Fig. 25 is a schematic illustration of an embodiment of a security 
association negotiation between an initiator and a responder in a communications 
network. 

Fig. 26 is a schematic illustration of an illustrative embodiment of a 
registration request for use in the communications network of Fig. 25. 

Fig. 27 is a schematic illustration of an illustrative embodiment of a 
registration request for use in the communications network of Fig. 25. 

Fig. 28 is a schematic illustration of an illustrative embodiment of a 
registration request for use in the communications network of Fig. 25. 

Fig. 29 is a flow chart illustration of an embodiment of a stateless key 
generation. 

Description of the Illustrative Embodiments 

A system and method for providing secure communications in a 
communication network is provided in which the security associations between 
the entities in the communication network can be dynamically configured and 
negotiated. Furthermore, the security associations can have a defined finite 
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lifetime and they can be renewed. In this manner, secure communications in a 
' communication network can be provided in an efficient and cost effective manner. 

Referring to Fig. 2, the reference numeral 100 refers, in general, to a 
communications network according to an embodiment of the invention that 
5 includes a mobile node 102 positioned within a foreign domain 104 that is 
serviced by a foreign agent 106. The foreign agent 106 is operably coupled to 
the mobile node 102 and a home agent 108 for servicing a home domain 110 by 
communication pathways, 112 and 114, respectively. The home agent 108 is 
operably coupled to a key distribution center 1 16 by a communication pathway 

10 118. Communication between the mobile node 102, foreign agent 106, home 
agent 108, and key distribution center 116 may be provided by a conventional IP 
communications protocol such as, for example, TCP/IP. 

During operation, the mobile node 102 and the home agent 108 use a 
predefined encryption key KEY 0, or other shared secret, to permit information 

15 transmitted between the mobile node and home agent to be encrypted. In this 
manner, the mobile node 102 and the home agent 108 can always communicate 
regardless of the security of the intermediate communication pathways. In 
addition, in this manner, as the mobile node 102 roams over foreign domains, the 
mobile node can always be authenticated and registered by the home agent 108. 

20 Furthermore, in this manner, the transmission of messages in the communication 
system 100, following the registration and authentication of the mobile node 102, 
can be facilitated by the central distribution of encryption keys by the key 
distribution center 116. In an exemplary embodiment of the communication 
system 100, messages communicated between the mobile node 102 and the 

25 home agent 108 are encrypted using an encryption key KEY 1, messages 
communicated between the home agent 108 and the foreign agent 106 are 
encrypted using an encryption key KEY 2, and messages communicated between 
the mobile node 102 and the foreign agent 106 are encrypted using an encryption 
key KEY 3. 

30 Referring to Figs. 3a-3b, in an exemplary embodiment, the encryption 

keys, KEY1, KEY2, and KEY3, are generated by a process 200 in which, in step 
202, the key distribution center 1 16 generates an encryption key KEY 0 for use 
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by the mobile node 102 and the home agent 108 for encrypting information 
transmitted between the mobile node and the home agent. The encryption key 
KEY 0 is then provided to the mobile node 102 and the home agent 108 during an 
initialization process in step 204. In this manner, the mobile node 102 and the 
5 home agent 108 can always securely communicate with each other in a secure 
manner regardless of the security level of the intermediate communication 
pathways. 

During operation, the mobile node 102 may roam over the foreign domain 
1 04 that is serviced by the foreign agent 1 06. If the mobile node 1 02 roams over 

10 the foreign domain 104 that is serviced by the foreign agent 106 in step 206, then 
the mobile node 102 may receive a foreign agent advertisement from the foreign 
agent. The foreign agent advertisement may include, for example, information 
that specifies the identity of the foreign agent and the foreign domain such as the 
IP address for the foreign agent in step 208. 

15 As illustrated in Fig. 4a, upon receiving the foreign agent advertisement, 

the mobile node 102 may then transmit an encrypted registration request 300 to 
the foreign agent 106 using the communication pathway 1 12 in step 210. In an 
exemplary embodiment, as illustrated in Fig. 5, the registration request 300 
includes conventional mobile IP 302 for directing the registration message 300 to 

20 the home agent 108, a mobile node IP home address 304, a mobile node network 
access identification (NAI) extension 306, an IP extension 308, and a layer 2 
address extension 310. In an exemplary embodiment, the mobile IP home 
address 304, the mobile node NAI extension 306, the IP extension 308, and the 
layer 2 address extension 310 are encrypted using the encryption key KEY 0. 

25 Since the private portions of the registration request 300 are encrypted using the 
key KEY 0, the foreign agent 106 cannot read any of the private information 
contained in the registration request 300 such as, for example, the mobile IP 
home address 304 or the mobile node NAI extension 306. In this manner, the 
identity of the mobile node 102 is fully hidden from the foreign agent 106 until the 

30 home agent 108 authenticates the foreign domain 104 and foreign agent using 
the registration request transmitted by the mobile node. 
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As illustrated in Fig. 4b, if the communication pathway 1 14 between the 
foreign agent 106 and the home agent 108 is secure, then the foreign agent 106 
may relay the encrypted registration request 300 to the home agent 108 in steps 
212 and 214. If the communication pathway 114 between the foreign agent 106 
5 and the home agent 108 is not secure, then the foreign agent and home agent 
may secure the communication pathway in a conventional manner by, for 
example, an independent key exchange (IKE), in steps 212 and 216. Once the 
communication pathway 1 14 has been secured, then the foreign agent 106 may 
relay the encrypted registration request 300 to the home agent 106 in steps 212 
10 and 214. 

Upon receiving the encrypted registration request, the home agent 108 
may then authenticate the mobile node 102. the foreign domain 104, and the 
foreign agent 106 by decrypting the encrypted registration request using the 
encryption key KEY 0 in step 218. After registration of the mobile node 102 with 

15 the home agent 108, the home agent requests the key distribution center 1 16 to 
generate the encryption keys, KEY 1, KEY 2, and KEY 3 in step 220. The key 
distribution center 116 then generates the encryption keys, KEY 1, KEY 2. and 
KEY 3, and transmits the encryption keys to the home agent 108 for distribution 
to the mobile node 102 and foreign agent 106 in step 222. 

20 As illustrated in Figs. 4c, 4d, and 6, in step 224, the home agent 108 may 

distribute the encryption keys, KEY 1 , KEY 2, and KEY 3, to the mobile node 102 
and the foreign agent 106 by transmitting a registration reply 400 that, in an 
exemplary embodiment, includes conventional mobile IP 402 for directing the 
registration reply 400 to the mobile node 102, a first security association (SA) 

25 extension 404 including the encryption key KEY 2 in unencrypted form, a second 
Security association extension 406 including the encryption key KEY 3 in 
unencrypted form; a third Security association extension 408 including the 
encryption key KEY 3 in encrypted form using the encryption key KEY 0, and a 
fourth Security association extension 410 including the encryption key KEY 1 in 

30 encrypted form using the encryption key KEY 0. The security association 

generally refers to security parameters used for providing secure communications 
in the system 100 including, for example, shared secret encryption keys, and 
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Other security attributes. In an exemplary embodiment, the system 1 00 uses a 
security parameters index (SPI) to index the security associations used by the 
system 100 in a database maintained and controlled by the home agent 108 
and/or the key distribution center 116. 
5 The foreign agent 106 receives the registration reply 300 and extracts the 

first and second Security association extensions, 404 and 406. including the 
encryption keys KEY 2 and KEY 3 in unencrypted form. The mobile node 102 
then receives the registration reply 400 and extracts the third and fourth Security 
association extensions, 408 and 410, including the encryption keys KEY 3 and 

10 KEY 1 In encrypted form. The mobile node 102 then decrypts the encrypted form 
of the encryption keys KEY 3 and KEY 1 using the encryption key KEY 0. 

Referring to Fig. 7, in an exemplary embodiment, the mobile node 102, 
foreign agent 106, home agent 108, and key distribution center 116 communicate 
with one another using a general purpose communication message 500 that 

15 includes standard mobile IP 502, an IP home address 504, a general purpose 
network access identifier extension 506, a general purpose IP extension 508, a 
general purpose layer 2 address extension 510, and a general purpose Security 
association extension 512. 

More generally, the encryption keys, KEY 0, KEY 1, KEY 2, and KEY 3, 

20 may be security associations that define the security parameters of the 
communications between the respective entities of the network 100. 

Referring to Fig. 8, in an exemplary embodiment, the general purpose 
network access identifier extension 506 includes a type field 602, a length field 
604, a content-type field 606, a flag E field 608, a security parameters index (SPI) 

25 field 61 0. and an NAI-INFO field 612. The type field 602 indicates the type of 
network access identifier extension, and the length field 604 indicates the length 
of the NAI-INFO field 612. The content-type field 614 indicates the type of entity 
that owns the network access identifier. In an exemplary embodiment, a 0 
indicates that the network access identifier is owned by a mobile node, a 1 

30 indicates that the network access identifier is owned by a foreign agent, and a 2 
indicates that the network access identifier is owned by a home agent. In an 
exemplary embodiment, if the flag E field 608 contains a 1. then the contents of 

- 14- 

3/9/05, EAST Version: 2.0.1.4 



wo 01/26322 



PCTAJSOO/27352 



the NAI-INFO field 612 are encrypted. The contents of the SPI field 610 defines 
the encryption key and the type of encryption algorithm that are used to encrypt 
the NAI-INFO field 612. The NAI-INFO field contains the network access 
identifier string in an encrypted or regular string format. 

Referring to Fig. 9, in an exemplary embodiment, the general purpose IP 
extension 508 includes a type field 702, a length field 704, a content-type field 
708, a flag E field 708, a security parameters index (SPI) field 710, and an IP- 
INFO field 712. The type field 702 indicates the type of IP extension, and the 
length field 704 indicates the length of the IP-INFO field 712. The content-type 
field 714 indicates the type of entity that owns the IP address. In an exemplary 
embodiment, a 0 indicates that the IP address is owned by a mobile node and/or 
a home agent, and a 1 Indicates that the IP address is owned by a router. In an 
exemplary embodiment, if the flag E field 708 contains a 1 , then the contents of 
the IP-INFO field 712 are encrypted. The contents of the SPI field 710 defines 
the encryption key and the type of encryption algorithm that are used to encrypt 
the IP-INFO field 712. The IP-INFO field contains the IP address in an encrypted 
or regular format. 

Referring to Fig. 10, in an exemplary embodiment, the general purpose 
layer 2 (L2) extension 510 includes a type field 902. a length field 904. a content- 
type field 906, a flag E field 908, a security parameters index (SPI) field 910, and 
an L2-ADDRESS-INF0 field 912. The type field 902 indicates the type of layer 2 
extension, and the length field 904 indicates the length of the L2-ADDRESS- 
INFO field 91 2. The content-type field 914 indicates the type of layer 2 
addresses included in the extension. In an exemplary embodiment, a 0 indicates 
that an Ethernet address, a 1 indicates an International Mobile Subscriber Identity 
(IMSI) address, and a 2 indicates a Mobile Identification Number (MIN) address. 
In an exemplary embodiment, if the flag E field 908 contains a 1 , then the 
contents of the L2 -ADDRESS-INFO field 912 are encrypted. The contents of the 
SPI field 910 defines the encryption key and the type of encryption algorithm that 
are used to encrypt the L2-ADDRESS-INF0 field 912. The L2-ADDRESS-INF0 
field contains the layer 2 address in an encrypted or regular format. 
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Referring to Fig. 1 1 , in an exemplary embodiment, the general purpose 
security association extension 512 includes a type field 902, a length field 904, a 
content-type field 906, a flag E field 908, a security parameters index (SPI) field 
910, and an SA-INFO field 912. The type field 902 indicates the type of Security 
association extension, and the length field 904 indicates the length of the SA- 
INFO field 912. The content-type field 914 indicates the type of entity that owns 
the IP address. In an exemplary embodiment, a 0 indicates that a mobile node 
and/or a foreign agent own the IP address, and a 1 indicates that a foreign agent 
and/or a home agent own the IP address. In an exemplary embodiment, if the 
flag E field 908 contains a 1, then the contents of the SA-INFO field 912 are 
encrypted. The contents of the SPI field 910 defines the encryption key and the 
type of encryption algorithm that are used to encrypt the SA-INFO field 912. The 
SA-INFO field contains the information necessary to establish security 
association such as, for example, a security parameters index (SPI), a private 
key, and the type of algorithm needed for encryption and decryption. 

More generally, the system 100 may include a plurality of mobile nodes 
102, foreign domains 104, foreign agents 106, home agents 108, communication 
pathways, 1 12, 114 and 118, and key distribution centers 116. in the general 
application of the system 100", all of the encryption keys are unique thereby 
providing security for all communication pathways and entities. 

Referring initially to Fig. 12, an alternative embodiment of a communication 
system 1000 includes a mobile node 1002 positioned within a foreign domain 
1004 that is sen/iced by a foreign agent 1006. The foreign agent 1006 is 
operably coupled to the mobile node 1002, a foreign authentication, authorization 
and accounting (AAA) sen/er 1008 positioned within the foreign domain 1004, 
and a home agent 1010 for servicing a home domain 1010a by communication 
pathways. 1012, 1014. and 1016, respectively. A home AAA server 1018 is 
operably coupled to the foreign AAA server 1008 and the home agent 1010 by 
communication pathways, 1020 and 1022, respectively. A central key distribution 
center 1024 is operably coupled to the home agent 1010 by a communication 
pathway 1026. Communication between the mobile node 1002, foreign agent 
1006, foreign AAA server 1008, home agent 1010, home AAA server 1018, and 
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key distribution center 1024 may be provided by a conventional IP communication 
protocol such as, for example, TCP/IP. 

During operation, the mobile node 1002 and the home agent 1010 use a 
predefined encryption key KEY 0 to permit information transmitted between the 
mobile node and home agent to be encrypted. In this manner, the mobile node 
1002 and the home agent 1010 can always communicate regardless of the level 
of security of the intermediate communication pathways. In addition, in this 
manner, as the mobile node 1002 roams over foreign domains, the mobile node 
and the foreign domain can always be authenticated and registered by the home 
agent 1010. Furthermore, in this manner, the transmission of messages in the 
communication system 1000, following the registration and authentication of the 
mobile node 1002 and foreign domain 1004, can be facilitated by the central 
distribution of encryption keys by the key distribution center 1 024. In an 
alternative embodiment, the home AAA server 1 01 8 also provides the 
functionality of the key distribution center 1 024. In an exemplary embodiment of 
the communication system 1000, messages communicated between the mobile 
node 1002 and the home agent 1010 are encrypted using an encryption key KEY 
1, messages communicated between the home agent 1010 and the foreign agent 
1006 are encrypted using an encryption key KEY 2, and messages 
communicated between the mobile node 1002 and the foreign agent 1006 are 
encrypted using an encryption key KEY 3. 

Referring to Figs. 13a-13d, in an exemplary embodiment, the encryption 
keys, KEY1 , KEY2, and KEYS, are generated by a process 2000 in which, in step 
2002, the key distribution center 1024 generates an encryption key KEY 0 for use 
by the mobile node 1002 and the home agent 1010 for encrypting information 
transmitted between the mobile node and the home agent. The encryption key 
KEY 0 is then provided to the mobile node 1002 and the home agent 1010 during 
an initialization process in step 2004. In this manner, the mobile node 1002 and 
the home agent 1010 can always communicate with each other in a secure 
manner regardless of the security level of the intermediate communication 
pathways. 
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During operation, the mobile node 1002 may roam over the foreign domain 
1004 that is serviced by the foreign agent 1006. If the mobile node 1002 roams 
over the foreign domain 1004 that is serviced by the foreign agent 1006 in step 
2006, then the mobile node 1002 may receive a foreign agent advertisement from 
the foreign agent. The foreign agent advertisement may include, for example, 
information that specifies the identity of the foreign agent and the foreign domain 
such as, for example, the IP address for the foreign agent in step 2008. 

As illustrated in Fig. 14a, upon receiving the foreign agent advertisement, 
the mobile node 1002 may then transmit an encrypted registration request 3000 
to the foreign agent 1006 using the communication pathway 1012 in step 2010. 
In an exemplary embodiment, the registration request 3000 includes one or more 
of the general elements and teachings of the registration request 200. 

As illustrated in Fig. 14b, if the communication pathway 1014 between the 
foreign agent 1006 and the foreign AAA server 1008 is secure, then the foreign 
agent 1006 may relay the registration request 3000 to the foreign AAA server 
1008 in steps 2014 and 2016. If the communication pathway 1014 between the 
foreign agent 1006 and the foreign AAA server 1008 is not secure, then the 
foreign agent and foreign AAA server may secure the communication pathway in 
a conventional manner by, for example, an independent key exchange (IKE), in 
steps 2014 and 2018. Once the communication pathway 1014 has been secured, 
then the foreign agent 1006 may relay the registration request 3000 to the foreign 
AAA server 1008 in steps 2014 and 2016. 

As illustrated in Fig. 14c, if the communication pathway 1020 between the 
foreign AAA server 1008 and the home AAA server 1018 is secure, then the 
foreign AAA server 1008 may relay the registration request 3000 to the home 
AAA server 1018 in steps 2020 and 2022. If the communication pathway 1020 
between the foreign AAA server 1008 and the home AAA server 1018 is not 
secure, then the foreign AAA server and the foreign AAA server may secure the 
communication pathway in a conventional manner by, for example, an 
independent key exchange (IKE), in steps 2020 and 2024. Once the 
communication pathway 1014 has been secured, then the foreign agent 1006 
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may relay the registration request 3000 to the foreign AAA server 1018 in steps 
2020 and 2022. 

Since the private portions of the registration request 3000 are encrypted 
using the encryption key KEY 0, the foreign agent 1006, foreign AAA server 
1008, and home AAA server 1018 cannot read any of the private information 
contained in the registration request 3000 such as, for example, the user name, 
the mobile node IP home address, or the mobile node network access identifier. 
In this manner, the identity of the mobile node 1002 is fully hidden from the 
foreign agent 1006, the foreign AAA server 1008, and the home AAA server 1018 
until the home agent 1010 authenticates the mobile node, foreign agent, and 
foreign domain using the registration request transmitted by the mobile node. 

As illustrated in Fig. 14d, upon receiving the registration request 3000, the 
home AAA server 1018 may then relay the encrypted registration request 3000 to 
the home agent 1010 using the communication pathway 1022 in step 2026. The 
home agent 1010 may then authenticate the mobile node 1002, foreign domain 
1004, and foreign agent 1006 by decrypting the registration request 3000 using 
the encryption key KEY 0 in step 2028. After registration of the mobile node 
1002, foreign domain 1004, and foreign agent 1006 with the home agent 1010, 
the home agent 1010 may then request the key distribution center 1024 to 
generate the encryption keys, KEY 1 , KEY 2, and KEY 3 in step 2030. The key 
distribution center 1024 may then generate the encryption keys, KEY 1, KEY 2, 
and KEY 3. and transmit the encryption keys to the home agent for distribution to 
the mobile node 1002 and foreign agent 1006 in steps 2032 and 2034. 

As illustrated in Figs. 15a, 15b, 15c, and 15d, in steps 2036, 2038. 2040, 
2042, 2044, and 2046, the home agent 1010 may distribute the encryption keys, 
KEY 1 , KEY 2, and KEY 3, to the mobile node 1002 and the foreign agent 1006 
by transmitting a registration reply 4000 that, in an exemplary embodiment, 
includes one or more of the elements and teachings of the registration reply 300. 
In an exemplary embodiment, the foreign agent 1 006 receives the registration 
reply 4000 and extracts the encryption keys KEY 2 and KEY 3 in unencrypted 
form. The mobile node 1002 then receives the registration reply 4000 and 
extracts the encryption keys KEY 3 and KEY 1 in encrypted form. The mobile 
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node 1 002 then decrypts the encrypted form of the encryption keys KEY 3 and 
KEY 1 using the encryption key KEY 0. 

More generally, the system 1000 may include a plurality of mobile nodes 
1002, foreign domains 1004. foreign agents 1006, foreign AAA servers 1008, 
5 home AAA servers 1018, home agents 1010, communication pathways, 1012, 
1014, 1016, 1020, and 1026, and key distribution centers 1024. In the general 
application of the system 1000, all of the encryption keys are unique thereby 
providing security for ail communication pathways and entities. 

More generally, the encryption keys, KEY 0, KEY 1, KEY 2, and KEY 3, 
10 may be security associations that define the security parameters of the 
communications between the respective entities of the network 1000. 

In an exemplary embodiment, as illustrated in Fig. 16, the systems 100 and 
1000 utilize registration requests 5000 and registration replies 5002 that include 
protocol extensions 5004 for facilitating the negotiation and establishment of the 
15 security associations between the various entities of the systems 100 and 1000 
(e.g., the mobile node, foreign agents, and home agents). 

In an exemplary embodiment, as illustrated in Fig. 17, the protocol 
extensions 5004 include a security association payload 6002, a proposal payload 
6004, a transfonn payload 6006, and/or a key exchange payload 6008. 
20 In an exemplary embodiment, the security association payload 6002 may 

be used to negotiate security association attributes. The security association 
payload 6002 may be carried as an extension, or as a substitute, for messages 
such as, for example, the registration requests 300, 3000, and 5000. In an 
exemplary embodiment, as illustrated in Fig. 18, the security association payload 
25 6002 includes a security association type 7002, a security association sub-type 
7004, a payload length 7006, and a data payload 7008. In an exemplary 
embodiment, the security association sub-type 7004 may be: (1 ) the security 
association between a mobile node and a home agent; (2) the security 
association between a mobile node and a foreign agent; (3) the security 
30 association between a home agent and a foreign agent; and (4) the security 
association between a mobile node and a serving mobility manager (SMM). In 
this manner, the particular entities associated with the security association may 
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be identified. In an exemplary embodiment, the payload length 7006 may indicate 
the length in octets of the global security association payload, including the 
security association payload 6002, all proposal payloads 6004, and all transform 
payloads 6006 associated with the proposed security association. In an 
exemplary embodiment, the data payload 7008 may include all proposal payloads 
6004, and all transform payloads 6006 associated with the proposed security 
association. 

The proposal payload 6004 may include information used during the 
negotiation of security associations between entities in a communication network. 
In particular, the proposal payload 6004 may include security mechanisms, or 
transforms, to be used to secure the communications pathway, or channel. The 
proposal payload 6004 may be carried as an extension, or as a substitute, for 
messages such as, for example, the registration requests 300, 3000, and 5000. 
In an exemplary embodiment, as illustrated in Fig. 19, the proposal payload 6004 
includes a proposal type 8002, a proposal sub-type 8004, a payload length 8006, 
a proposal number 8008, a protocol number 8010, a protocol-ID 8012, a number 
of transforms 8014, a lifetime 8016, and a security parameters index 8018. In an 
exemplary embodiment, the payload length 8006 may indicate the length in octets 
of the entire proposal payload, including the proposal payload 6002. and all 
transform payloads 6004 associated with the particular proposal payload. In an 
exemplary embodiment, if there are multiple proposal payloads with the same 
proposal number, then the payload length 8006 only applies to the current 
proposal payload and not to all proposal payloads. In an exemplary embodiment, 
the proposal number 8008 may indicate the proposal number for the current 
proposal payload 6004. In an exemplary embodiment, the protocol number 8010 
may indicate the protocol number for the current proposal payload 6004. The 
protocol refers generally to the algorithm, or transform, used to encrypt/decrypt 
messages between entities. In an exemplary embodiment, the protocol-ID 8012 
may indicate the general type of protocol for the current proposal payload 6004. 
In an exemplary embodiment, the general type of protocol may include an 
authentication protocol or an encryption protocol. In an exemplary embodiment, 
the number of transforms 8014 may indicate the number of transforms used in the 
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proposal payload 6004. In an exemplary embodiment, the lifetime 8016 may 
indicate the lifetime of the security association associated with the proposal 
payload 6004. In an exemplary embodiment, the security parameters index 8018 
provides an index value that refers to one or more predefined or dynamic security 
5 associations, security transforms, and/or other security definitions maintained in a 
database that is resident in one or more of the entitles in a communication 
network. 

The transform payload 6006 may include information used during a 
security association negotiation. In an exemplary embodiment, the transform 
0 payload 6006 includes the specific security mechanisms, or transforms, to be 
used to secure the communications pathway, or channel (e.g., the 
encryption/decryption algorithms used to encode/decode communications 
between the entities associated with the security association). The transform 
payload 6006 also may include the security association attributes associated with 
5 the particular transform. In an exemplary embodiment, as illustrated in Fig. 20, 
the transform payload 6006 includes a transform payload type 9002, a transform 
payload sub-type 9004, a transform payload length 9006, a transform number 
9008, a transform ID 9010. the number of security keys 9012, and security 
association attributes 9014. In an exemplary embodiment, the transform payload 
length 9006 provides the length in octets of the current transform payload 6006, 
the transform values, and all security association attributes. In an exemplary 
embodiment, the transform number 9008 identifies the transform number for the 
current transform payload 6006. In an exemplary embodiment, if there is more 
than one transform proposed for a specific protocol within the proposal payload, 
then each transform payload 6006 has a unique transform number. In an 
exemplary embodiment, the transform identification 9010 specifies the transform 
identifier within the current proposal. In an exemplary embodiment, the number 
of security keys 9012 Identifies the number of security keys required for the 
transform. In an exemplary embodiment, the security association attributes 9014 
includes the security association attributes for the transform Identified in the 
transform identification 9010. In an exemplary embodiment, the security 
association attributes are represented using TLV format. 
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The key exchange payload 6008 may define the key exchange technique 
and/or the encryption key to be employed in exchanging encryption keys between 
the entities associated with the security association in a communications network. 
In an exemplary embodiment, the key exchange payload 6008 may include: (1) a 
predefined Diffie-Hellman with predefined groups key exchange payload 6008a, 
(2) a user defined Diffie-Hellman group key exchange payload 6008b; and/or (3) 
a key distribution center generated secret key exchange payload 6008c. 

In an exemplary embodiment, as illustrated in Fig. 21, the predefined 
Diffie-Hellman with predefined groups key exchange payload 6008a may include 
a Diffie-Hellman type 10002, a sub-type 10004, a transform identification 10006, 
a payload length 10008, and key exchange data 10010. In an exemplary 
embodiment, the sub-type 10004 may be a Diffie-Hellman group 1 , a Diffie- 
Hellman group 2, or a secret key transferred through a secure path. In an 
exemplary embodiment, the payload length 10008 may indicate the length in 
octets of the current payload. In an exemplary embodiment, the key exchange 
data 10010 may include the key generated by the key distribution center or the 
Diffie-Hellman computed value. 

In an exemplary embodiment, as illustrated in Fig. 22, the user defined 
Diffie-Hellman group key exchange payload 6008b may include a Diffie-Hellman 
type 1 1002, a sub-type 1 1004, a payload length 1 1006, a prime number length 
11008, a prime number 1 1010, a generator length 11012, a generator 1 1014, a 
computed value length 11016, and a computed value 11018. In an exemplary 
embodiment, the sub-type 1 1004 may be a user defined group. In an exemplary 
embodiment, the payload length 11006 may indicate the length in octets of the 
current payload. In an exemplary embodiment, the prime number length 1 1008 
indicates the length of the prime number used in the Diffie-Hellman key exchange 
algorithm. In an exemplary embodiment, the prime number 1 1010 may be the 
prime number used in the Diffie-Hellman key exchange algorithm. In an 
exemplary embodiment, generator length 11012 indicates the length of the 
generator used in the Diffie-Hellman key exchange algorithm. In an exemplary 
embodiment, the generator 1 1014 may be the generator used in the Diffie- 
Hellman key exchange algorithm. In an exemplary embodiment, if P is the prime 
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number used in the Diffie-Hellman exchange, then the generator G should be 
less than, and a primitive root of, P. In an exemplary embodiment, the computed 
value length 1 1016 is the length of the public computed value for the Diffie- 
Hellman key exchange. 

In an exemplary embodiment, the key distribution center generated secret 
key exchange payload 6008c includes a type 12002, a sub-type 12004. a payload 
length 12006, a security parameter index 12008. and key exchange data 12010. 
In an exemplary embodiment, the sub-type 12004 may include a secret key that is 
transferred in encrypted form using the security association defined by a security 
parameter index. In an exemplary embodiment, the payload length 12006 
indicates the length in octets of the current payload. In an exemplary 
embodiment, the key exchange data 12010 includes the secret key generated by 
the key distribution center and encrypted using the security association defined 
by the security parameter index. 

In an exemplary embodiment, the security association payloads 6002, the 
proposal payloads 6004, the transform payloads 6006, and the key exchange 
payloads 6008 are used to build security association protocol extensions 5004 
that are in turn carried as a payload for messages such as registration requests 
5000 and registration replies 5002 for the negotiation and establishment of 
security associations between different entities (e.g., mobile node and foreign 
agent, foreign agent and home agent, mobile node and SMM). 

In an exemplary embodiment, a security association 13000 may be defined 
by a single security association payload 6002 followed by at least one. and 
possibly many, proposal payloads 6004, with at least one, and possibly many, 
transform payloads 6006 associated with each proposal payload. In an 
exemplary embodiment, each proposal payload 6004 includes a security 
parameter index and the lifetime defined for the security association. In an 
exemplary embodiment, each transform payload 6006 may include the specific 
security mechanisms, or transforms, to be used for the designated protocol. In an 
exemplary embodiment, the proposal and transform payloads, 6004 and 6006, 
are only used during the security association establishment negotiation between 
the entities. 
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Thus, in an exemplary embodiment, as illustrated in Fig. 24, a security 
association 13000 may include a security association payload 6002 with a first 
proposal payload 6004a with associated transform and key exchange payloads, 
6006a and 6008a, and a second proposal payload 6004b with associated 
transform and key exchange payloads, 6006b and 6008b. 

More generally, as illustrated in Fig. 25, an initiating entity 13002 may 
negotiate the security association with a responding entity 13004 using a 
registration request 5000 that may include the security association payload 6002, 
and one or more of the proposal payload 6004, the transform payload 6006, and 
the key exchange payload 6008. In this manner, the initiating entity 13002 (e.g. a 
mobile node) may engage in a negotiation with the responding entity (e.g. a home 
agent) in which the entities dynamically negotiate the security association 
between the entities. In this manner, the entities may dynamically generate 
and/or modify the security association between the entities. 

In particular, the proposal payload 6004 provides the initiating entity 13002 
(e.g., mobile node) with the capability to present to the responding entity 13004 
(e.g., foreign agent, home agent, SMM, or home mobility manager (HMM)) the 
security protocols and associated security mechanisms for use with the security 
association being negotiated. 

In an exemplary embodiment, as illustrated in Fig. 26, If the security 
association establishment negotiation combines multiple protocols (e.g.. 
authentication and encryption), then the registration request 5000 may include 
multiple proposal payloads 6004, each with the same proposal number. These 
proposal payloads 6004 may be considered as one global proposal and should 
not be separated by a proposal with a different proposal number. The use of the 
same proposal number in multiple proposal payloads 6004 provides a logical 
AND operation (e.g., protocol 1 AND protocol 2). On the other hand, as 
illustrated in Fig. 27, in an exemplary embodiment, if the security association 
establishment negotiation includes different security protection methods, then the 
registration request 5000 may include multiple proposal payloads 6004, each with 
a monotonically increasing proposal numbers. The use of different proposal 
numbers in multiple proposal payloads 6004 provides a logical OR operation 
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(e.g., proposal 1 OR proposal 2), where each proposal payload 6004 may include 
more than one protocol. 

The transform payload 6006 provides the initiating entity 1 3002 with the 
capability to present to the responding entity 13004 multiple security mechanisms 
or transforms for each proposal. In an exemplary embodiment, as illustrated in 
Fig. 28, the registration request 5000 may include several transforms associated 
with a specific proposal payload 6004, each identified in a separate transform 
payload 6006. The multiple transforms may be presented with monotonically 
increasing numbers in the preference order of the initiator 1 3002. The receiving 
entity 13004 may then select a single transform for each protocol in a proposal or 
reject the entire proposal. The use of the transform number in multiple transform 
payloads 6006 provides a second level OR operation (e.g., transform 1 OR 
transform 2 OR transform 3). 

In an exemplary embodiment, when responding to a security association 
payload 6002 transmitted by the initiator 13002, the responder 1 3004 may send a 
registration response 5002 including a security association payload 6002 that 
may include multiple proposal payloads 6004 and their associated transform 
payloads 6006. Each of the proposal payloads 6003 should include a single 
transform payload 6006 associated with the protocol. 

More generally, when responding to a registration request 5000 from the 
initiator 13002, the responder 13004 may accept all or a portion of the proposed 
security association, and/or propose an alternative security association. The 
initiator 13002 may then accept all or a portion of the alternative security 
association proposed by the responder 13004. This back-and-forth negotiation 
may then continue until the initiator 13002 and responder 13004 have agreed 
upon all of the elements of the security association, in this manner, the initiator 
13002 and responder 13004 may dynamically negotiate a new or modified 
security association. 

In an exemplary embodiment, the initiator 13002 and the responder 13004 
may generate encryption keys using: (1) a stateless key generation mode 14000; 
(2) a statefull key generation mode 15000; or (3) a semi-statefull key generation 
mode 16000. 
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In an exemplary embodiment, as illustrated in Fig. 29, the stateless key 
generation mode 14000 includes the initiator 13002 sending the responder 1 3004 
a registration request 5000 that includes: (1 ) a predefined Diffie-Hellman with 
predefined groups key exchange payload 6008a, or (2) a user defined 
Diffie-Hellman group key exchange payload 6008b in step 14002. In an 
exemplary embodiment, if the initiator 13002 selected a Diffie-Hellman Group 1 or 
Group 2 sub-type, then the initiator 13002 may calculate the computed value for 
the initiator (C\/i)using the formula: 



where CV; = the computed value for the initiator; 

G = the group generator; 

P = the prime number; and 

Xj = the random number generated by the initiator. 
In an exemplary embodiment, the Diffie-Hellman Group 1 prime number P and 
group generator G are: 2^^768 - 2V04 - 1 + 2'^64 * { [2^^638 n] + 149686} and 2, 
respectively. In an exemplary embodiment, the Diffie-Hellman Group 2 prime 
number P and group generator G are: 2^1024 - 2^^960 - 1 + 2''64 * { [2^^894 n] + 
1 29093} and 2, respectively. 

The responder 13004 may then receive the registration request 5000. 
extract the key exchange payload, 6008a or 6008b, and calculate the shared 
secret key K and the computed value for the responder (CV^) in step 14004. In 
an exemplary embodiment, the responder 13004 calculates the shared secret key 
K and the computed value for the responder (CV^) using the formula: 



CV^^{G'^)modP (1) 



K = (CV^'^ ) mod P = (g"'"^ ) mod P (2) 
CV^ = (G'^'^)modP (3) 



where 



K 



the secret shared key; 

the computed value for the initiator; 

the prime number; 



CVi 



P 



G 



the group generator; 

the random number generated by the initiator; 



Xi 
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Xr = the random number generated by the 

responder; and 
CVr = the computed value for the responder 
The responder 13004 may then send an authenticated registration reply 
5 5002 to the initiator 13002 that includes the computed value for the responder 
(CVr) in step 14006. Upon receiving the registration reply 5002, the initiator 
13002 may authenticate the message and generate the shared secret key K in 
step 14008. In an exemplary embodiment, in step 14008, the initiator 13002 may 
generate the shared secret key K using the following formula: 

10 K^{cv/')modP={G-'-''^)modP (4) 

where K = the secret shared key; 

CVi = the computed value for the initiator; 
P = the prime number; 
G = the group generator; 
1^ Xi = the random number generated by the initiator; 

Xr = the random number generated by the 

responder; and 
CVr = the computed value for the responder. 
The shared secret key K may then be used to authenticate or encrypt 
20 messages transmitted between the initiator 13002 and responder 13004. The 
shared secret key K may also be used to authenticate IKEs main mode or 
aggressive mode in order to start future security association and key exchanges 
between the initiator 13002 and responder 13004. In addition, the shared secret 
key K may be used to initiate an IPsec secure communication pathway, or 
25 channel, between the initiator 13002 and responder 13004. Thus, the stateless 
key generation mode 14000 does not require any interaction with a key 
distribution center. Furthermore, as wilt be recognized by persons having 
ordinary skill in the art. IKE. the IKE main mode, the IKE aggressive mode, and 
IPsec are considered well known in the art. 
30 In an exemplary embodiment, the statefull key generation mode 15000 

provides encryption keys to the different entities (e.g., mobile node, foreign agent, 
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and home agent) by obtaining the encryption keys from the key distribution 
centers 1 16 or 1024. The encryption keys (e.g., KEY 1 . KEY 2, and KEY 3) are 
then distributed to the entities using a secure communication pathway, or 
channel. If the security association between the entities is not yet established, 
5 then the encryption keys may be encrypted using a predefined shared secret key 
KEY 0 known only to the initiator 13002 and responder 13004. 

In an exemplary embodiment, the semi-statefull key generation mode 
16000 provides encryption keys to the different entities (e.g., mobile node, foreign 
node, and home agent) by obtaining a single seed encryption key KEYseed that is 
10 then used by the various entities to generate the encryption keys for 

communications between the different entities (e.g., mobile node to home agent). 
In an exemplary embodiment, the encryption key Ki/Kr for communications 
between the initiator 13002 and the recipient 13004 is derived using the following 
formula: 

15 Ki^ Kr^ prf[K,^^,NAl\NAl\l?x\lPi ) (5) 

where Ki = encryption key for communications 

between the initiator and recipient; 
Kr = encryption key for communications 

between the initiator and recipient; 
20 prf = pseudo random function; 

KsEEo ~ seed encryption key; 

NAIr = network access identifier for the 

responder; 

NAIi = network access identifier for the initiator; 

25 IPr = IP address for the recipient; and 

IPi = IP address for the initiator. 

The present illustrative embodiments provide a number of advantages. 
For example, the networks 100 and 1000 provide user confidentiality during the 
authentication and registration process. In addition, the networks 100 and 1000 
30 provide centralized encryption key generation and distribution thereby providing 
enhanced efficiency. Furthermore, the networks 100 and 1000 provide 
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centralized key generation and distribution on a real-time basis thereby providing 
proactive key distribution. In addition, the networks 100 and 1000 are 
implementable using extensions to existing IP communications protocols such as, 
for example, mobile IP. Furthermore, the mobile nodes, the foreign agents and 
5 the foreign domains of the networks 1 00 and 1 000 are authenticated before the 
start of message transmissions thereby maintaining a high level of security. In 
addition, the identity of the mobile nodes and the user's personal information in 
the networks 100 and 1000 are protected from detection during the initial 
registration and authentication phase. Furthermore, the encryption keys are 
0 . distributed in the networks 100 and 1000 such that secure communication 

pathways using the keys are established for a particular mobile node and are not 
shared by another mobile node. In.addition, and more generally, the security 
association negotiation of the present disclosure, whether implemented in the 
networks 100 or 1000, or another communication network, provides a number of 
5 advantages. For example, the security association between an initiator and a 
responder can be dynamically configured thereby providing a rapid and efficient 
method of securing communications between the initiator and responder. 
Furthermore, the teachings of the present disclosure can be applied to any 
network to thereby provide a security association between any group or groups of 
entities in the network. Finally, the security association created can have a 
predefined duration and can also be renewed or redefined by the entities in the 
network. 

It is understood that variations may be made in the foregoing without 
departing from the scope of the invention. For example, the teachings of the 
communication networks 100 and 1000 may be adapted and extended for use in 
communication networks in general. In addition, the communication protocol 
utilized in the communication networks 100 and 1000 may be extended to general 
application in all communication networks. Furthermore, the elements and 
functionality of the communication network 100 may be employed in the 
communication network 1000, and vice versa. In addition, the central key 
distribution center 24 of the communication network 100 may be distributed 
among a plurality of functional elements, including the home agent 18. In 
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addition, the central key distribution center 1024 of the communication network 
1000 may be distributed among a plurality of functional elements, including the 
home agent 1 01 0 and the home AAA server 1018. In addition, the key 
distribution centers 24 and 1024 may or may not be positioned within the home 
5 domains 1 8a and 1 01 Oa. Finally, the teachings of the security association 

negotiation between the initiator 13002 and the responder 13004 may be applied 
to the communication networks 100 and 1000, as well as to communication 
networks in general in order to provide a dynamic system for providing security 
associations between entities in a communication network. 

1 0 Although illustrative embodiments of the invention have been shown and 

described, other modifications, changes, and substitutions are intended in the 
foregoing disclosure. In some instances, some features of the present invention 
may be employed without a corresponding use of the other features. Accordingly, 
it is appropriate that the appended claims be construed broadly and in a manner 

1 5 consistent with the scope of the invention. 
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CLAIMS 

11. A system for providing secure communication of messages between a 
2 mobile node and a home domain using a foreign domain, comprising 



7 
8 
9 
10 



means for transmitting a registration request from the mobile node to the 
home domain, the request comprising an identity of the mobile node 
and user in encrypted form and network routing information in non- 
6 encrypted form; 

means for processing the registration request from the mobile node within 
the home domain and generating a registration reply comprising 
one or more encryption keys for encrypting messages to be 
communicated between and among the mobile node, home domain, 
^ ^ and the foreign domain; and 

12 means for transmitting the registration reply from the home domain to the 

^ ^ foreign domain and the mobile node. 

1 2. The system of claim 1 . wherein the means for transmitting a registration 

2 request from the mobile node to the home domain comprises: 

3 means for transmitting the registration request from the mobile node to the 

4 foreign domain; and 

5 means for transmitting the registration request from the foreign domain to 

6 the home domain. 

1 3. The system of claim 2, wherein the means for transmitting the registration 

2 request from the foreign domain to the home domain comprises means for 

3 establishing a secure communications pathway between the foreign domain and 

4 the home domain. 

1 4. The system of claim 2. wherein the means for transmitting the registration 

2 request from the foreign domain to the home domain comprises means for 

3 establishing a secure communications pathway between the foreign domain and 

4 the mobile node. 
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1 5. The system of claim 2, wherein the means for transmitting the registration 

2 request from the foreign domain to the home domain comprises means for 

3 establishing a secure communications pathway between the home domain and 

4 the mobile node. 

1 6. The system of claim 1 , wherein the means for processing the registration 

2 request from the mobile node within the home domain comprises means for 

3 decrypting the encrypted form of the identity of the mobile node and user. 

1 7. The system of claim 1 , wherein the means for generating a registration 

2 reply comprises means for encrypting at least one of the encryption keys. 

1 8. The system of claim 7, wherein the means for generating a registration 

2 reply comprises means for encrypting the encryption keys for encrypting 

3 messages to be communicated between the mobile node and the home domain. 

4 and between the mobile node and the foreign domain. 

1 9. The system of claim 7, further comprising: 

2 means for decrypting one or more of the encrypted encryption keys. 

1 1 0. The system of claim 1 , wherein the means for generating the registration 

2 reply comprises: 

3 means for generating a first encryption key for encrypting messages to be 

4 communicated between the mobile node and the home domain; 

5 means for generating a second encryption key for encrypting messages to 

6 be communicated between the foreign domain and the home 

7 domain; and 

8 means for generating a third encryption key for encrypting messages to be 

9 communicated between the foreign domain and the mobile node. 
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1 11. The system of claim 1 0, wherein the means for generating the registration 

2 reply comprises means for encrypting at least one of the first and third encryption 

3 keys. 

1 12. The system of claim 1 1 , further comphsing: 

2 means for decrypting at least one of the encrypted first and third 

3 encryption keys. 

1 1 3. The system of claim 1 , wherein the registration reply includes: 

2 encryption keys that are encrypted; and 

3 encryption keys that are not encrypted. 

1 1 4. The system of claim 1 3, further including: 

2 means for extracting one or more of the encryption keys that are not 

3 encrypted from the registration reply, 

1 1 5. The system of claim 1 3, further including: 

2 means for extracting and decrypting one or more of the encryption keys 

3 that are encrypted from the registration reply. 

1 16. A method of providing secure communication between a mobile node and 



2 a home domain using a foreign domain, comprising: 



3 transmitting a registration message from the mobile node to the home 

4 domain, the message comprising an identity of a user of the mobile 

5 node in encrypted form and network routing information in non- 

6 encrypted form; 

7 the home domain receiving and processing the registration message to 

8 generate a registration reply comprising one or more encryption 

9 keys for encrypting messages to be communicated between and 

10 among the mobile node, home domain, and the foreign domain; and 

1 1 transmitting the registration reply from the home domain to the foreign 

12 domain and the mobile node. 
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13 17. The method of claim 1 6, wherein transmitting a registration request from 

1 4 the mobile node to the home domain comprises: 

1 5 transmitting the registration request from the mobile node to the foreign 

16 domain; and 

1 7 transmitting the registration request from the foreign domain to the home 

18 domain. 

1 1 8. The method of claim 1 7, wherein transmitting the registration request from 

2 the foreign domain to the home domain comprises establishing a secure 

3 communications pathway between the foreign domain and the home domain. 

1 1 9. The method of claim 1 7, wherein transmitting the registration request from 

2 the foreign domain to the home domain comprises establishing a secure 

3 communications pathway between the foreign domain and the mobile node. 

1 20. The method of claim 17, wherein transmitting the registration request from 

2 the foreign domain to the home domain comprises establishing a secure 

3 communications pathway between the home domain and the mobile node. 

1 21 . The method of claim 16, wherein processing the registration request from 

2 the mobile node within the home domain comprises decrypting the encrypted 

3 form of the identity of the user. 

1 22. The method of claim 16, wherein generating a registration reply comprises 

2 encrypting at least one of the encryption keys. 

1 23. The method of claim 22, wherein generating a registration reply comprises 

2 encrypting the encryption keys for encrypting messages to be communicated 

3 between the mobile node and the home domain, and between the mobile node 

4 and the foreign domain. 

1 24. The method of claim 22, further comprising: 
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2 decrypting one or more of the encrypted encryption keys. 

3 25. The method of claim 16, wherein generating the registration reply 

4 comprises: 

5 generating a first encryption key for encrypting messages to be 

6 communicated between the mobile node and the home domain; 

7 generating a second encryption key for encrypting messages to be 

8 communicated between the foreign domain and the home domain; 

9 and 

10 generating a third encryption key for encrypting messages to be 

1 1 communicated between the foreign domain and the mobile node. 

1 26. The method of claim 22, wherein generating the registration reply 

2 comprises encrypting at least one of the first and third encryption keys. 

1 27. The method of claim 26, further comprising: 

2 decrypting at least one of the encrypted first and third encryption keys. 

1 28. The method of claim 16, wherein the registration reply includes: 

2 encryption keys that are encrypted; and 

3 encryption keys that are not encrypted. 

1 29. The method of claim 28, further including: 

2 extracting one or more of the encryption keys that are not encrypted from 

3 the registration reply. 

1 30. The method of claim 28, further including: 

2 extracting and decrypting one or more of the encryption keys that are 

3 encrypted from the registration reply. 

1 31. A communications network, comprising: 

2 a home domain; 

3 a foreign domain operabiy coupled to the home domain; and 
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4 



a mobile node operably coupled to the foreign domain; 



5 



wherein the mobile node is adapted to generate and transmit a registration 
request to the foreign domain, the registration request including an 
identity of the mobile node in encrypted form and network routing 
information in non-encrypted form; 



6 



7 



8 



9 



wherein the foreign domain is adapted to relay the registration request to 
the home domain; and 



10 



11 



wherein the home domain is adapted to receive the registration request 
and generate encryption keys for encrypting messages to be 
communicated between and among the home domain, the foreign 
domain, and the mobile node. 



12 



13 



14 



1 32. The network of claim 31 , wherein the foreign domain and the home domain 

2 are adapted to establish a secure communications pathway between the foreign 

3 domain and the home domain. 

1 33. The network of claim 31 , wherein the home domain is adapted to decode 

2 the encrypted form of the identity of the mobile node. 

1 34, The network of claim 31 , wherein the home domain is adapted to encrypt 

2 at least one of the encryption keys. 

1 35. The network of claim 34, wherein the home domain is adapted to encrypt 

2 the encryption keys for encrypting messages to be communicated between the 

3 mobile node and the home domain, and between the mobile node and the foreign 

4 domain. 

1 36. The network of claim 34, wherein the mobile node is adapted to decode 

2 one or more of the encrypted encryption keys. 

1 37. The network of claim 31 , wherein the home domain is adapted to generate: 
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3 



a first encryption key for encrypting messages to be communicated 
between the mobile node and the home domain; 



5 



a second encryption key for encrypting messages to be communicated 
between the foreign domain and the home domain; and 



6 



a third encryption key for encrypting messages to be communicated 
between the foreign domain and the mobile node. 



7 



1 38. The network of claim 37, wherein the home domain is adapted to encrypt 

2 at least one of the first and third encryption keys. 

1 39. The network of claim 38, wherein the mobile node is adapted to decode at 

2 least one of the encrypted first and third encryption keys. 

1 40. The network of claim 31 , wherein the home domain comprises: 

2 a home agent operably coupled to the foreign agent; and 

3 an encryption key distribution center operably coupled to the home agent; 

4 wherein the encryption key distribution center is adapted to generate the 

5 encryption keys. 

1 41 . The network of claim 40, wherein the home domain further comprises: 

2 a home server operably coupled to the home agent; and 

3 wherein the foreign domain comprises: 

4 a foreign agent operably coupled to the home agent and the mobile node; 

5 and 

6 a foreign server operably coupled to the foreign agent and the home 

7 server. 

1 42. The network of claim 31 , wherein the registration reply includes: 

2 encryption keys that are encrypted; and 

3 encryption keys that are not encrypted. 
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43. The network of claim 42, wherein the foreign domain is adapted to extract 
one or more of the encryption keys that are not encrypted from the registration 
reply. 

44. The network of claim 42, wherein the mobile node is adapted to extract 
and decode one or more of the encryption keys that are encrypted from the 
registration reply. 

45. A method of providing secure communications between a mobile node and 
a home domain using a foreign domain in a communications network, comprising: 

the home domain authenticating the mobile node and the foreign domain; 
and 

transmitting messages between the mobile node and the home domain 
through the foreign domain. 

46. The method of claim 45, wherein the home domain authenticates the 
mobile node and the foreign domain during an initialization process. 

47. A registration request message for use in registering a mobile node and a 
foreign domain with a home domain in a communications network, comprising: 

a network address for the home domain; and 
a network address for the mobile node; 

wherein the home domain and the mobile node share an encryption key for 

encrypting messages; and 
wherein the network address for the mobile node is encrypted using the 

shared encryption key. 

48. A registration reply message for use in registering a mobile node and a 
foreign domain with a home domain in a communications network, comprising; 

encryption keys for encrypting messages to be communicated between 
and among the mobile node, the home domain, and the foreign 
domain; 
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6 wherein the mobile node and the home domain share an encryption key for 

7 encrypting messages; and 

8 wherein the encryption keys for encrypting messages to be communicated 

9 between the mobile node and one or more of the home domain and 
10 the foreign domain are encrypted using the shared encryption key. 

1 49, A computer program for implementing a m.ethod of providing secure 

2 communication between a mobile node and a home domain using a foreign 

3 domain, comprising: 

4 a storage medium; and 

5 instructions stored in the storage medium for: 

6 transmitting a registration message from the mobile node to the 

7 home domain, the message comprising an identity of a user 

8 of the mobile node in encrypted form and network routing 

9 information in non-encrypted form; 

the home domain receiving and processing the registration 

^ ^ message to generate a registration reply comprising one or 

"12 more encryption keys for encrypting messages to be 

communicated between and among the mobile node, home 

14 domain, and the foreign domain; and 

15 transmitting the registration reply from the home domain to the 

16 foreign domain and the mobile node. 

1 50. The computer program of claim 49, wherein transmitting a registration 

2 request from the mobile node to the home domain comprises: 

3 transmitting the registration request from the mobile node to the foreign 

4 node; and 

5 transmitting the registration request from the foreign domain to the home 

6 domain. 

1 51 . The computer program of claim 50. wherein transmitting the registration 

2 request from the foreign domain to the home domain comprises establishing a 
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3 secure communications pathway between the foreign domain and the home 

4 domain. 

1 52. The computer program of claim 50. wherein transmitting the registration 

2 request from the foreign domain to the home domain comprises establishing a 

3 secure communications pathway between the foreign domain and the mobile 

4 node. 

1 53. The computer program of claim 50, wherein transmitting the registration 

2 request from the foreign domain to the home domain comprises establishing a 

3 secure communications pathway between the home domain and the mobile node. 

1 54. The computer program of claim 49, wherein processing the registration 

2 request from the mobile node within the home domain comprises decrypting the 

3 encrypted form of the identity of the user. 

1 55. The computer program of claim 49, wherein generating a registration reply 

2 comprises encrypting at least one of the encryption keys. 

1 56. The computer program of claim 49, wherein generating a registration reply 

2 comprises encrypting the encryption keys for decrypting messages between the 

3 mobile node and the home domain, and between the mobile node and the foreign 

4 domain. 

1 57. The computer program of claim 55, further including instructions for: 

2 decrypting one or more of the encrypted encryption keys. 

1 58. The computer program of claim 49, wherein generating the registration 

2 reply comprises: 

3 generating a first encryption key for encrypting messages to be 

4 communicated between the mobile node and the home domain; 
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5 generating a second encryption key for encrypting messages to be 

6 communicated between the foreign domain and the home domain; 

7 and 

8 generating a third encryption key for encrypting messages to be 

9 communicated between the foreign domain and the mobile node. 

1 59. The computer program of claim 58, wherein generating the registration 

2 reply comprises encrypting at least one of the first and third encryption keys. 

1 60. The computer program of claim 59, further comprising instructions for: 

2 decrypting at least one of the encrypted first and third encryption keys. 

1 61 . The computer program of claim 49, wherein the registration reply includes: 

2 encryption keys that are encrypted; and 

3 encryption keys that are not encrypted. 

1 62. The computer program of claim 61 , further including instructions for: 

2 extracting one or more of the encryption keys that are not encrypted from 

3 the registration reply. 

1 63. The computer program of claim 61 , further including instructions for: 

2 extracting and decrypting one or more of the encryption keys that are 

3 encrypted from the registration reply. 

1 64. A communications network, comprising: 

2 an initiator; 

3 a responder; and 

4 means for dynamically establishing a security association between the 

5 initiator and the responder. 



-42- 



3/9/05, EAST Version: 2,0.1.4 



wo 01/26322 



PCT/USOO/27352 



1 



65. The network of claim 64, wherein the means for establishing a security 

2 association between the initiator and the responder comprises: 

3 means for negotiating the security association. 



1 66. The network of claim 65, wherein the means for negotiating the security 

2 association comprises: 

3 means for negotiating one or more security transforms to be used to 

4 provide secure communications between the initiator and the 

5 responder 

1 67. The network of claim 65, wherein the means for negotiating the security 

2 association comprises: 

3 means for proposing the number of transforms to be used to provide 

4 secure communications between the initiator and the responder. 

1 68. The network of claim 65, wherein the means for negotiating the security 

2 association comprises: 

3 means for proposing the duration of at least a portion of the security 

4 association. 

1 69, The network of claim 65, wherein the means for negotiating the security 

2 association comprises: 

3 means for proposing the type of transforms to be used to provide secure 

4 communications between the initiator and the responder. 

1 70. A method of providing secure communications between an initiator and a 

2 responder in a communications network, comprising: 

3 dynamically establishing a security association between the initiator and 

4 the responder. 

1 71 . The method of claim 70, further comprising: 

2 negotiating the security association. 
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1 72. The method of claim 71 , wherein negotiating the secunty association 

2 comprises: 

3 negotiating one or more security transforms to be used to provide secure 

4 communications between the initiator and the responder. 

5 73. The method of claim 71 , wherein negotiating the security association 

6 comprises: 

7 proposing the number of transforms to be used to provide secure 

8 communications between the initiator and the responder. 

1 74. The method of claim 71 , wherein negotiating the security association 

2 comprises: 

3 proposing the duration of at least a portion of the security association. 

1 75. The method of claim 71 , wherein negotiating the security association 

2 comprises: 

3 proposing the type of transforms to be used to provide secure 

4 communications between the initiator and the responder. 

1 76. A computer program for providing secure communications between an 

2 initiator and a responder in a communications network, comprising: 

3 a storage medium; and 

4 instructions recorded in the storage medium for: 

5 dynamically establishing a security association between the initiator 

6 and the responder. 

1 77. The computer program of claim 76, further comprising instructions for: 

2 negotiating the security association. 

1 78. The computer program of claim 77, wherein negotiating the security 

2 association comprises: 

3 negotiating one or more security transforms to be used to provide secure 

4 communications between the initiator and the responder. 
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1 79. The computer program of claim 77, wherein negotiating the security 

2 association comprises: 

3 proposing the number of transforms to be used to provide secure 

4 communications between the initiator and the responder. 

5 80. The computer program of claim 77, wherein negotiating the security 

6 association comprises: 

7 proposing the duration of at least a portion of the security association, 

1 81 . The computer program of claim 77, wherein negotiating the security 

2 association comprises: 

3 proposing the type of transforms to be used to provide secure 

4 communications between the initiator and the responder. 

1 82. A communications network, comprising: 

2 an initiator; and 

3 a responder operably coupled to the initiator; 

4 wherein the initiator and the responder are adapted to dynamically 

5 establish a security association. 

1 83. The network of claim 82, wherein establishing the security association 

2 between the initiator and the responder comprises: 

3 negotiating the security association. 

1 84. The network of claim 83, wherein negotiating the security association 

2 comprises: 

3 negotiating one or more security transforms to be used to provide secure 

4 communications between the initiator and the responder. 

1 85. The network of claim 83, wherein negotiating the security association 

2 comprises: 

3 proposing the number of transforms to be used to provide secure 

4 communications between the initiator and the responder. 
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1 86. The network of claim 83, wherein negotiating the security association 

2 comprises: 

3 proposing the duration of at least a portion of the security association. 

1 87. The network of claim 83, wherein negotiating the security association 

2 comprises: 

3 proposing the type of transforms to be used to provide secure 

4 communications between the initiator and the responder 

1 88. A protocol extension message for negotiating a security association 

2 between an initiator and a responder in a communications network, comprising: 

3 a security association payload for negotiating the security association; 

4 one or more proposal payloads for defining the security association 

5 including one or more transforms; 

6 one or more transform payloads associated with each of the proposal 

7 payloads for defining the transforms; and 

8 one or more key exchange payloads for defining encryption keys used in 

9 the transforms. 

1 89. The protocol extension message of claim 88, wherein the security 

2 association payload comprises: 
an identification of the entities for the security association. 

The protocol extension of claim 89, wherein the entities include: 
a mobile node and a home agent. 

The protocol extension of claim 89, wherein the entities include: 
a mobile node and a foreign agent. 

The protocol extension of claim 89, wherein the entities include: 
a foreign agent and a home agent. 



1 90. 
2 

1 91. 
2 

1 92. 
2 
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1 93. The protocol extension message of claim 88, wherein the proposal payload 

2 comprises: 

3 an identification of the duration of the security association. 

1 94. The protocol extension message of claim 88, wherein the transform 

2 payload comprises: 

an identification of a number of encryption keys required for the transform. 



1 95. The protocol extension message of claim 88, wherein the key exchange 

2 payload comprises: 

3 an encryption key for one of the transforms. 

1 96. The protocol extension message of claim 88, wherein the key exchange 

2 payload comprises: 

3 a prime number for generating an encryption key; 

4 a generator for generating the encryption key; and 

5 a computed value for generating the encryption key. 



1 97. The protocol extension message of claim 88, wherein the key exchange 

2 payload comprises: 

3 an encrypted encryption key for one of the transforms. 

1 98. A method of providing an encryption key for securing communications 

2 between an initiator and a responder in a communications network, comprising: 



3 the initiator generating an initiator Diffie-Heliman computed value; 

4 the initiator transmitting the initiator Diffie-Hellman computed value to the 

5 responder; 

6 the responder generating the encryption key and a responder Diffie- 

7 Hellman computed value; 

8 the responder transmitting the responder Diffie-Hellman computed value to 

9 the initiator; and 

10 the initiator generating the encryption key. 
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1 99. A method of providing encryption keys for use in securing communications 

2 between an initiator and a responder in a communications network, comprising: 

3 providing a predefined shared secret to the initiator and responder; 

4 generating an encryption key for securing communications between the 

5 initiator and responder; 

6 encrypting the encryption key for securing communications between the 

7 initiator and responder using the predefined shared secret; and 

8 transmitting the encrypted encryption key for securing communications 

9 between the initiator and responder to the initiator and responder. 

1 1 00. A method of generating an encryption key for use in securing 

2 communications between an initiator and a responder in a communications 

3 network, comprising: 

4 generating an initial encryption key; and 

5 generating an encryption key for securing communications between the 

6 initiator and the responder as a pseudo random function of the 

7 initial encryption key. 

1 101. The method of claim 100, wherein generating the encryption key for 

2 securing communications between the initiator and the responder, further 

3 comprises: 

4 generating the encryption key as a pseudo random function of a network 

5 access identifier of one or more of the initiator and responder. 

1 102. The method of claim 100, wherein generating the encryption key for 

2 securing communications between the initiator and the responder, further 

3 comprises: 

4 generating the encryption key as a pseudo random function of an IP 

5 address of one or more of the initiator and responder. 

1 103. A communications network; comprising: 
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2 an encryption key distribution center for generating an initial encryption 

3 key; 

4 an initiator operably coupled to the encryption key distribution center; and 

5 a responder operably coupled to the initiator; 

6 wherein an encryption key for securing communications between the 

7 initiator and the responder is generated by one of the key 

8 distribution center, initiator, or responder as a pseudo random 

9 function of the initial encryption key. 

1 1 04. , The network of claim 1 03, wherein generating the encryption key for 

2 securing communications between the initiator and the responder, further 

3 comprises: 

4 generating the encryption key as a pseudo random function of a network 

5 access identifier of one or more of the initiator and responder. 

1 1 05. The network of claim 1 03, wherein generating the encryption key for 

2 securing communications between the initiator and the responder, further 

3 comprises: 

4 generating the encryption key as a pseudo random function of an IP 

5 address of one or more of the initiator and responder. 

1 106. A communications network; comprising: 

2 means for generating an initial encryption key; 

3 an initiator operably coupled to the means for generating the initial 

4 encryption key; 

5 a responder operably coupled to the initiator; and 

6 means for generating an encryption key for securing communications 

7 between the initiator and the responder as a pseudo random 

8 function of the initial encryption key. 
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107. The network of claim 106, wherein the means for generating the encryption 
key for securing communications between the initiator and the responder, further 
comprises: 

means for generating the encryption key as a pseudo random function of a 
network access identifier of one or more of the initiator and 
responder. 

1 08. The network of claim 1 06. wherein the means for generating the encryption 
key for securing communications between the initiator and the responder, further 
comprises: 

means for generating the encryption key as a pseudo random function of 
an IP address of one or more of the initiator and responder. 

1 09. A computer program for generating an encryption key for use in securing 
communications between an initiator and a responder in a communications 
network, comprising: 

a storage medium; and 
instructions stored in the storage medium for: 
generating an initial encryption key; and 

generating an encryption key for securing communications between 
the initiator and the responder as a pseudo random function 
of the initial encryption key. 

1 1 0; The computer program of claim 1 09, wherein generating the encryption 
key for securing communications between the initiator and the responder, further 
comprises: 

generating the encryption key as a pseudo random function of a network 
access identifier of one or more of the initiator and responder. 

111. The computer program of claim 1 09, wherein generating the encryption 
key for securing communications between the initiator and the responder, further 
comprises: 
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4 generating the encryption key as a pseudo random function of an IP 

5 address of one or more of the initiator and responder. 

1 1 12. A method of establishing a security association between an initiator and a 

2 responder in a communication network, comprising: 

3 the initiator proposing a security association; and 

4 the responder responding the proposal. 

1 113. The method of claim 1 1 2, wherein the security association comprises: 

2 one or more security protocols. 

1 114. The method of claim 113, wherein at least a portion of the security 

2 protocols are combined. 

The method of claim 112, wherein the security association comprises: 
one or more alternative security protocols. 

A communication network, comprising: 
an initiator; 

a responder operably coupled to the initiator; 

means for proposing a security association between the initiator and the 

responder; and 
means for responding to the proposed security association. 

The network of claim 116, wherein the security association comprises: 
one or more security protocols. 

The network of claim 1 16, wherein at least a portion of the security 
protocols are combined, 

1 1 9. The network of claim 1 1 6, wherein the security association comprises: 
one or more alternative security protocols. 
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120. A communication network, comprising: 
an initiator; 

a responder operably coupled to the initiator; 

wherein the initiator is adapted to propose a security association between 

the initiator and the responder; and 
wherein the responder is adapted to respond to the proposed security 

association. 

1 21 . The network of claim 120, wherein the security association comprises: 
one or more security protocols. 

122. The network of claim 120, wherein at least a portion of the security 
protocols are combined. 

123. The network of claim 120, wherein the security association comprises: 
one or more alternative security protocols, 

124. A computer program for establishing a security association between an 
initiator and a responder in a communication network, comprising: 

a storage medium; and 

instructions recorded in the storage medium for: 

the initiator proposing a security association; and 
the responder responding the proposal. 

125. The computer program of claim 124, wherein the security association 
comprises: 

one or more security protocols. 

126. The computer program of claim 124, wherein at least a portion of the 
security protocols are combined. 
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2 comprises: 

3 one or more alternative security protocols. 



- 53 - 



3/9/05, EAST Version: 2.0.1.4 



wo 01/26322 



1/26 



PCT/USOO/27352 




Fig. 1 



3/9/05, EAST Version: 2.0.1.4 



wo 01/26322 



PCT/USOO/27352 



2/26 




3/9/05, EAST Version: 2.0.1.4 



wo 01/26322 



PCT/USOO/27352 



3/26 



200 



GENERATE ENCRYPTION KEY (KEY 0) FOR 
COMMUNICATIONS BETWEEN MOBILE NODE AND 
HOME AGENT 



202 



PROVIDE ENCRYPTION KEY (KEY 0) FOR 
COMMUNICATIONS BETWEEN MOBILE NODE AND 
HOME AGENT TO HOME AGENT AND MOBILE 
NODE 



204 




206 



MOBILE NODE RE 
ADVERTISEMENT FRO^ 
SERVICING THE F 


CEIVES AN AGENT 

/I THE FOREIGN AGENT 

■OREIGN DOMAIN 




f 



216 



208 



MOBILE NODE TRANSMITS AN ENCRYPTED 
REGISTRATION REQUEST TO THE FOREIGN 
AGENT 



FOREIGN AGENT AND 
HOME AGENT ESTABUSH 
SECURE COMMUNICATION 
PATHWAY 



210 



NO 



SECURE COMMUNICATION 
PATHWAY BETWEEN FOREIGN AGENT 
AND HOME AGENT ? 



■212 



YES 



Fig. 3a 



© 



3/9/05, EAST Version: 2.0.1.4 



wo 01/26322 



PCT/USOO/27352 



4/26 



200 



0 



THE FOREIGN AGENT RELAYS THE ENCRYPTED 
REGISTRATION REQUEST TO THE HOME AGENT 



214 



THE HOME AGENT AUTHENTICATES THE 
MOBILE NODE BY DECODING THE 
ENCRYPTED REGISTRATION REQUEST USING 
THE ENCRYPTION KEY (KEY 0) 



218 



THE HOME AGENT REQUESTS THE KEY 
DISTRIBUTION CENTER TO GENERATE 
ENCRYPTION KEYS FOR: 

(A) DATA COMMUNICATION BETWEEN THE 
MOBILE NODE AND HOME AGENT {KEY 1); 

(B) DATA COMMUNICATION BETWEEN THE 
HOME AGENT AND FOREIGN AGENT (KEY 2); 
AND 

(C) DATA COMMUNICATION BETWEEN THE 
MOBILE NODE AND FOREIGN AGENT (KEY 3) 



KEY DISTRIBUTION ( 
ENCRYPTION KEYS (KE 
AND TRANSMITS THE 
THE HOME AGENT 


:ENTER GENERATES 
YI.KEY 2, AND KEY 3) 
ENCRYPTION KEYS TO 
FOR DISTRIBUTION 




f 


HOME AGENT DISTRIBUTES THE 
ENCRYPTION KEYS TO THE FOREIGN AGENT 
AND THE MOBILE NODE 



222 



FIG. 3b 



3/9/05, EAST Version: 2.0.1.4 



wo 01/26322 



PCTAJSOO/27352 



5/26 



300 



MOBILE NODE 




FOREIGN 


[ ^ 


AGENT 


102 








106 



Fig. 4a 



300 



Fig. 4b 



Fig. 4c 



FOREIGN 
AGENT 
106 


1 ^ 


HOME AGENT 




108 




^400 




FOREIGN 
AGENT 
106 


1 


HOME AGENT 




108 



400 



MOBILE NODE 


' 


FOREIGN 
AGENT 


102 






106 







Fig. 4d 



3/9/05, EAST Version: 2.0.1.4 



wo 01/26322 PCTAJSOO/27352 



6/26 



302 



CONVENTIONAL MOBILE IP 



300 



304 



MOBILE NODE IP HOME ADDRESS 



306 



308 



NETWORK ACCESS ID EXTENSION 



310 



LAYER 2 ADDRESS EXTENSION 



Fig. 5 



IP EXTENSION 



402 



400 



CONVENTIONAL MOBILE IP 



404 



1st SECURITY ASSOCIATION 
EXTENSION INCLUDING KEY 2 



406 



408 



2nd SECURITY ASSOCIATION 
EXTENSION INCLUDING KEY 3 



3rd SECURITY ASSOCIATION 
EXTENSION INCLUDING KEY 3 



410 



4th SECURITY ASSOCIATION 
EXTENSION INCLUDING KEY 1 



Fig. 6 



3/9/05, EAST Version: 2.0.1.4 



wo 01/26322 PCT/USOO/27352 



7/26 



502 



CONVENTIONAL MOBILE IP 



500 



IP HOME ADDRESS 



504 



-A 



506 



508 



NAI EXTENSION 



IP EXTENSION 



510 



512 



-pA- 



LAYER 2 ADDRESS EXTENSION 



SA EXTENSION 



Fig. 7 



602 



TYPE 



z: 



506 



604 



LENGTH 



606 



608 



CONTENT-TYPE 



FLAG E 



610 



SPI 



-vA- 



612 



NAI-INFO 



■vA- 



Fig. 8 



3/9/05, EAST Version: 2.0.1.4 



wo 01/26322 



PCTAJSO0/273S2 



8/26 



702 



TYPE 



z: 



508 



704 



LENGTH 



706 



708 



CONTENT-TYPE 



FLAG E 



710 



SPI 



712 



IP-INFO 



Fig. 9 



802 



510 



804 



TYPE 



LENGTH 



806 



808 



CONTENT-TYPE 



FLAG E 



-pA- 



810 



SPI 



812 



L2-ADORESS-INFO 



Fig. 10 



3/9/05, EAST Version: 2.0.1.4 



wo 01/26322 



PCT/USOO/27352 



9/26 



902 



512 



904 



TYPE 



LENGTH 



906 



908 



CONTENT-TYPE 



FLAG E 



910 



SPI 



912 



SA-INFO 



Fig. 11 



3/9/05, EAST Version: 2.0.1.4 



wo 01/26322 



10/26 



1000 



KEY 
DISTRIBUTION 
CENTER 
1024 




1026 



1022 



HOME AGENT 
1010 



/ 



KEY 2 / 

I 
I 

I 
I 

I 



1016 



T 



KEYl' 



HOME AAA 
SERVER 
1018 



\ 



KEYO 



MOBILE NODE 
1002 



± 



FOREIGN 
AGENT 
1006 




1014 




FOREIGN AAA 
SERVER 
1008 



-1004 



Fig. 12 



3/9/05, EAST Version: 2.0.1.4 



wo 01/26322 



PCT/USOO/27352 



11/26 



2000 



GENERATE ENCRYPTION KEY (KEY 0) FOR 
COMMUNICATIONS BETWEEN MOBILE NODE AND - 
HOME AGENT 




r 


PROVIDE ENCRYPTIi 
COMMUNICATIONS BETW 
HOME AGENT TO HOM 
NO 


DN KEY (KEY 0) FOR 
^EEN MOBILE NODE AND 
E AGENT AND MOBILE 
DE 



-2002 



-2004 



NO 



MOBILE NODE 
ROAMING OVER A FOREIGN 
DOMAIN SERVED BY 
A FOREIGN AGENT 7 



-2006 



YES 



MOBILE NODE REi 
ADVERTISEMENT FRO^ 
SERVICING THE F 


:;eives an agent 

fl the FOREIGN AGENT 
FOREIGN DOMAIN 




r 


MOBILE NODE TRANS 
REGISTRATION REQU 
AGE 


MITS AN ENCRYPTED 
EST TO THE FOREIGN 
ENT 



-2008 



-2010 



© 



Fig. 13a 



3/9/05, EAST Version: 2.0.1.4 



wo 01/26322 



12/26 



PCT/USOO/27352 



2018 



FOREIGN AGENT AND 
FOREIGN AAA SERVER 
ESTABLISH SECURE 
COMMUNICATION 
PATHWAY 



NO 



0 



2000 



SECURE COMMUNICATION 
PATHWAY BETWEEN FOREIGN AGENT 
^ND FOREIGN AAA SERVER ? 



-2014 



2024 



THE FOREIGN AGENT RELAYS THE 
REGISTRATION RECEIPT TO THE FOREIGN AAA 
SERVER 



-2016 



FOREIGN AAA SERVER AND 
HOME AAA SERVER ESTABLISH 
SECURE COMMUNICATION 
PATHWAY 



NO 



SECURE 
COMMUNICATION 
PATHWAY BETWEEN 
FOREIGN AAA SERVER AND 
HOME AAA 
SERVER ? 



-2020 



YES 



THE FOREIGN AAA SERVER RELAYS THE 
REGISTRATION RECEIPT TO THE HOME AAA 
SERVER 



-2022 



Fig. 13b 




3/9/05, EAST Version: 2,0.1,4 



wo 01/26322 



PCT/USOO/27352 



13/26 



0 



2000 



THE HOME AAA SERVER RELAYS THE 
REGISTRATION RECEIPT TO THE HOME AGENT 



-2026 



THE HOME AGENT /S 
MOBILE NODE 
REGISTRATION RE 
ENCRYPTION 


lUTHENTICATES THE 
Y DECODING THE 
iCEIPT USING THE 
KEY (KEY 0) 


^ 




HOME AGENT REQUESTS THE KEY 
DISTRIBUTION CENTER TO GENERATE THE 
ENCRYPTION KEYS 


1 





-2028 



-2030 



THE KEY DISTRIBUTION CENTER GENERATES 
ENCRYPTION KEYS FOR: 

(A) DATA COMMUNICATION BETWEEN THE 
MOBILE NODE AND HOME AGENT (KEY 1); 

(B) DATA COMMUNICATION BETWEEN THE 
HOME AGENT AND FOREIGN AGENT (KEY 2); 
AND 

(C) DATA COMMUNICATION BETWEEN THE 
MOBILE NODE AND FOREIGN AGENT (KEY 3) 



-2032 



© 



Fig. 13c 



3/9/05, EAST Version: 2.0.1.4 



wo 01/26322 



PCT/USOO/27352 



14/26 



2000 



0 



2034 



HOME AGENT DISTRIBUTES THE ENCRYPTION KEYS TO THE FOREIGN AGENT 
AND THE MOBILE NODE BY GENERATING A REGISTRATION REPLY INCLUDING 
KEYS 2 & 3 IN UNENCRYPTED FORM AND KEYS 1 & 3 IN ENCRYPTED FORM 
USING ENCRYPTION KEY 0 



HOME AGENT TRANSMITS THE REGISTRATION 
REPLY TO HOME AAA SERVER 



-2036 



HOME AAA SERVER RELAYS THE 
REGISTRATION REPLY TO FOREIGN AAA 
SERVER 



-2038 



FOREIGN AAA SERVER RELAYS THE 
REGISTRATION REPLY TO FOREIGN AGENT 



-2040 



FOREIGN AGENT EXTRACTS ENCRYPTION 
KEYS (KEY 2 AND KEY 3) FROM THE 
REGISTRATION REPLY 



-2042 



FOREIGN AGENT RELAYS THE 
REGISTRATION REPLY TO MOBILE NODE 



Fig. 13d 



-2044 



MOBILE NODE DECODES REGISTRATION 
REPLY AND EXTRACTS ENCRYPTION KEYS 
(KEY 1 AND KEY 3) 



-2046 



3/9/05, EAST Version: 2.0.1.4 



wo 01/26322 



PCT/USOO/27352 



15/26 



-3000 



MOBILE 




FOREIGN 


NODE 




AGENT 




1002 




1006 







Fig. 14a 



-3000 



FOREIGN 
AGENT 
1006 




FOREIGN 

AAA 
SERVER 

1008 





Fig. 14b 



-3000 



Fig. 14c 



FOREIGN 

AAA 
SERVER 

1008 




HOME AAA 
SERVER 
1018 





Fig. 14d 



^3000 



HOME AAA 
SERVER 
1018 



HOME 
AGENT 
1010 



3/9/05, EAST Version: 2.0.1.4 



wo 01/26322 



PCTAJSOO/27352 



16/26 



Fig. 15a 



mo 



HOME AAA 
SERVER 
1018 



HOME 
AGENT 
1010 



^4000 

HOME 
SERl 



Fig. 15b 



FOREIGN 




HOME AAA 


AAA 






SERVER 


SERVER 




1008 




1018 



^4000 
I I FORE 



FOREIGN 
AGENT 
1006 




FOREIGN 

AAA 
SERVER 
1008 





Fig. 15c 



000 



MOBILE 




FOREIGN 


NODE 




AGENT 




1002 




1006 



Fig. 15d 



3/9/05, EAST Version: 2.0.1.4 



wo 01/26322 



PCT/USOO/27352 



17/26 



5000 



V 



5004 



REGISTRATION REQUEST 



PROTOCOL EXTENSIONS 



5002 



5004 



REGISTRATION REPLY 



PROTOCOL EXTENSIONS 



Fig. 16 



5004 



6002 



6004 



SECURITY ASSOCIATION PAYLOAD 



PROPOSAL PAYLOAD 



6006 



6008 



TRANSFORM PAYLOAD 



KEY EXCHANGE 
PAYLOAD 



Fig. 17 



3/9/05, EAST Version: 2.0.1.4 



wo 01/26322 



PCT/USOO/27352 



18/26 



6002 



7002 



7004 



TYPE 



SUB-TYPE 



7006 



7008 



PAYLOAD LENGTH 



DATA PAYLOAD 



Fig. 18 



6004 



8002 



TYPE 



8006 



PAYLOAD LENGTH 



8010 



PROTOCOL # 



8014 



# OF TRANSFORMS 



8018 



SECURITY PARAMETER INDEX 



8004 



SUB-TYPE 



8008 



PROPOSAL # 



8012 



PROTOCOL-ID 



8016 



LIFETIME 



Fig. 19 



3/9/05, EAST Version: 2.0.1.4 



wo 01/26322 



PCT/USOO/27352 



19/26 



9002 



6006 



9004 



TYPE 



SUB-TYPE 



9006 



9008 



PAYLOAD LENGTH 



TRANSFORM # 



9010 



9012 



TRANSFORM - ID 



# SECURITY KEYS 



9014 



SECURITY ASSOCIATION ATTRIBUTES 



Fig. 20 



-6008a 



10002 



10004 



TYPE 



SUB-TYPE 



10006 



10008 



TRANSFORM - ID 



PAYLOAD LENGTH 



10010 



KEY EXCHANGE DATA 



Fig. 21 



3/9/05, EAST Version: 2.0.1.4 



wo 01/26322 



PCT/USOO/27352 



20/26 



11002 



-6008b 



11004 



TYPE 



SUB-TYPE 



1 



11006 



11008 



PAYLOAD LENGTH 



PRIME NUMBER 
LENGTH 



11010 



11012 



PRIME NUMBER 



GENERATOR LENGTH 



11014 



11016 



GENERATOR 



COMPUTED VALUE LENGTH 



11018 



COMPUTED VALUE 



12002 



Fig. 22 ^6008c 



TYPE 



12004 



SUB-TYPE 



12006 



12008 



PAYLOAD LENGTH 



SECURITY ' 
PARAMETER INDEX 



12010 



KEY EXCHANGE DATA 



Fig. 23 



3/9/05, EAST Version: 2.0.1.4 



wo 01/26322 



PCT/USOO/27352 



21/26 



13000- 



SECURITY ASSOCIATION PAYLOAD 
6002 



— V- 

■VS rv^ 

^ PROPOSAL PAYLOAD #1 V 

A 6004a 
-^AJ Ly^ 

-vS TaA- 

^ TRANSFORM PAYLOAD #1 ^ 

V 6006a 
J i-V^ 

KEY EXCHANGE PAYLOAD #1 H^" 
A 6008a 

V^J . Ly\_ 

VS rV^ 

^ PROPOSAL PAYLOAD #2 ^ 

V 6004b 
J 

VS — r\A- 

^ TRANSFORM PAYLOAD #2 V 

V 6006b 
J 

KEY EXCHANGE PAYLOAD #2 

A 6008b 
-V^l Ly^ 



Fig. 24 



3/9/05, EAST Version: 2.0.1.4 



wo 01/26322 



PCT/USOO/27352 



22/26 



'5000 



INITIATOR 
13002 



RESPONDER 
13004 



-5002 



Fig. 25 



3/9/05, EAST Version: 2,0.1,4 



wo 01/26322 



PCT/USOO/27352 



23/26 



5000- 



VS rxA- 

^ PROPOSAL PAYLOAD #1 V 

V 6004a 


^At r^A- 

^ TRANSFORM PAYLOAD #1 V 

V 6006a 
-L- Ly^ 

^^'^^1 KEY EXCHANGE PAYLOAD #1 pA~ 

A 6008a 

-xA-^ KA- 

r^A- 

^ PROPOSAL PAYLOAD #1 V 

V 6004b 
— Ly^ 

-r\A- 

^ TRANSFORM PAYLOAD #2 V 

V 6006b 
-J 

KEY EXCHANGE PAYLOAD #2 
A 6008b 

-s/^ Ly^ 



Fig. 26 



3/9/05, EAST Version: 2.0.1.4 



wo 01/26322 



PCT/USOO/27352 



24/26 



5000- 



VS r^A- 

^ PROPOSAL PAYLOAD #1 V 

V 6004a 
^A- 

VS ■ r^A- 

^ TRANSFORM PAYLOAD #1 v 

A 6006a 

-v^ U/^ 

^^^'^l KEY EXCHANGE PAYLOAD #1 pA" 

A 6008a 
-V^J — ^/U 

VS ■ ^A- 

^ PROPOSAL PAYLOAD #2 V 

A 6004b 

— 

^At ■ taA- 

^ TRANSFORM PAYLOAD #2 V 

A 6006b 

-y^ — 

"^^'^^^l KEY EXCHANGE PAYLOAD #2 

V 6008b 




Fig. 27 



3/9/05, EAST Version: 2.0.1.4 



wo 01/26322 



PCTAJSOO/27352 



25/26 



5000- 

•VS ^ rxA- 

^ PROPOSAL PAYLOAD #1 V 

V 6004a 
Ly^ 

^ TRANSFORM PAYLOAD #1 

V 6006a 
J == 

KEY EXCHANGE PAYLOAD #1 hA" 

V 6008a 
-J =^ Lyu. 

"^^'^^ TRANSFORM PAYLOAD #2 

A 6006b 

-V^ == 

'^'^ KEY EXCHANGE PAYLOAD #2 

V 6008b 



Fig. 28 



3/9/05, EAST Version: 2.0.1.4 



wo 01/26322 



PCT/USOO/27352 



26/26 

14000 



\ 

14002 


INITIATOR SENDS RESPONDER A REGISTRATION 
REQUEST THAT INCLUDES: 

(1) A PREDEFINED Diffie-Hellman WITH 
PREDEFINED GROUPS KEY EXCHANGE PAYLOAD, 
OR 

(2) A USER DEFINED DIfRe-Hellman GROUP KEY 
EXCHANGE PAYLOAD 






f 


14004 


RESPONDER RECEIVES THE REGISTRATION. 
EXTRTACTS THE KEY EXCHANGE PAYLOAD. AND 
CALCULATES THE SHARED SECRET KEY K AND 
THE COMPUTED VALUE FOR THE RESPONDER 
(CVr) 






f 


14006 


RESPONDER TRANSMITS AN AUTHENTICATED 
REGISTRATION REPLY TO THE INITIATOR THAT 
INCLUDES A KEY EXCHANGE PAYLOAD HAVING 

THE COMPUTED VALUE FOR THE RESPONDER 
(CV,) 






r 


14008 


INITIATOR RECEIVES THE REGISTRATION REPLY. 
AUTHENTICATES TME REGISTRATION REPLY, AND 
GENERATES THE SHARED SECRET KEY 



Fig. 29 



3/9/05, EAST Version: 2.0.1.4 



